Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/DcXuNp0QmK9WVJSAS2AkU0bHmaM.roa
File:                     DcXuNp0QmK9WVJSAS2AkU0bHmaM.roa (raw, json)
Hash identifier:          AaoRbP9WeYTZaREwHW312qpPkvIn9EXUIz4qW9uEv2U=
Subject key identifier:   0D:C5:EE:36:9D:10:98:AF:56:54:94:80:4B:60:24:53:46:C7:99:A3
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019CA140D94736D714E9D05153F416A95598
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/DcXuNp0QmK9WVJSAS2AkU0bHmaM.roa
Signing time:             Fri 27 Feb 2026 22:38:27 +0000
ROA not before:           Fri 27 Feb 2026 22:38:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206058
IP address blocks:        2a0c:9a40:8e70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a1:40:d9:47:36:d7:14:e9:d0:51:53:f4:16:a9:55:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Feb 27 22:38:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0dc5ee369d1098af565494804b60245346c799a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8c:7b:4a:6c:25:15:0a:df:8c:ba:f8:ba:2f:
                    4b:18:cb:fd:d2:1e:df:1c:20:d0:32:76:18:7c:6b:
                    48:71:f8:32:0b:ac:6e:25:92:80:7f:4c:eb:9f:07:
                    28:ab:8a:26:b7:78:59:62:73:a8:02:2e:4a:18:ae:
                    74:c5:17:d7:49:13:c9:b0:7b:e5:62:aa:5d:7f:05:
                    c0:b7:81:e1:a1:1e:cb:2b:78:0f:7b:b5:ce:dd:82:
                    71:ce:4c:25:a0:d7:de:49:60:a4:fb:17:41:16:40:
                    30:4c:20:a7:df:87:cd:a3:75:e1:31:11:0c:bf:9f:
                    49:63:ff:3c:23:e2:8b:c6:8f:2d:2d:7f:2b:3c:fe:
                    e8:4e:1c:72:1a:dd:7d:08:15:31:74:e0:ca:e6:a4:
                    d1:49:f2:9c:60:9b:38:d4:bd:e6:f3:78:61:ea:59:
                    9d:5b:1e:67:3a:73:34:49:d3:3c:85:cc:8d:94:d6:
                    4f:16:93:00:4d:9f:c6:21:1b:67:e0:a8:41:12:c0:
                    bb:c7:15:35:71:92:f3:66:c9:fe:5a:6a:74:d1:8d:
                    4f:77:07:cc:52:91:8b:6e:69:38:e1:d4:65:91:bf:
                    7a:a6:0c:fa:ea:1c:66:e6:31:b0:eb:63:1b:3c:8a:
                    cc:f3:0f:89:9a:89:86:df:66:c3:e9:ac:56:53:fe:
                    b9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:C5:EE:36:9D:10:98:AF:56:54:94:80:4B:60:24:53:46:C7:99:A3
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/DcXuNp0QmK9WVJSAS2AkU0bHmaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8e70::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:53:47:df:f8:ae:a8:47:25:10:7d:9b:72:4f:31:a9:bc:01:
         07:00:f9:f3:83:7e:14:08:c5:cc:f8:da:5c:38:88:23:5f:66:
         e2:ca:11:16:ec:41:41:ec:e8:33:75:af:f0:51:b1:9f:81:a7:
         6c:6d:21:64:a0:c3:41:62:13:c3:2f:bb:a7:bf:34:f1:7b:4d:
         77:86:ff:21:2e:eb:9d:8e:7e:11:9a:91:ac:89:5d:a1:10:c1:
         34:c6:71:9d:d3:a7:92:39:12:6d:8d:1b:8f:64:1d:57:85:be:
         a7:71:ae:e2:c8:97:55:23:6d:65:21:9b:56:a2:88:a9:b6:08:
         85:41:90:a7:b7:35:21:9f:24:63:73:f0:81:76:25:d3:16:dd:
         c3:14:23:b3:e6:b2:62:6f:49:12:ed:e9:be:c3:57:0e:c5:18:
         46:97:38:a8:4e:62:53:48:77:f3:54:c6:c2:39:76:64:e8:8a:
         04:86:d9:37:49:3e:0c:4e:b7:42:92:21:de:18:df:58:71:62:
         4f:55:1b:54:3f:d5:cd:ca:f9:83:05:05:5b:c9:e3:9e:96:35:
         fd:1c:8f:53:8f:c5:d8:d7:f9:84:41:ed:d4:b8:9d:bb:69:fb:
         d6:61:96:18:3a:1b:ef:61:2c:eb:22:f8:55:c3:20:73:b1:a8:
         d5:62:16:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyhQNlHNtcU6dBRU/QWqVWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwMjI3MjIzODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGM1ZWUzNjlkMTA5OGFmNTY1NDk0ODA0YjYwMjQ1MzQ2Yzc5OWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApox7SmwlFQrfjLr4ui9LGMv90h7f
HCDQMnYYfGtIcfgyC6xuJZKAf0zrnwcoq4omt3hZYnOoAi5KGK50xRfXSRPJsHvl
YqpdfwXAt4HhoR7LK3gPe7XO3YJxzkwloNfeSWCk+xdBFkAwTCCn34fNo3XhMREM
v59JY/88I+KLxo8tLX8rPP7oThxyGt19CBUxdODK5qTRSfKcYJs41L3m83hh6lmd
Wx5nOnM0SdM8hcyNlNZPFpMATZ/GIRtn4KhBEsC7xxU1cZLzZsn+Wmp00Y1PdwfM
UpGLbmk44dRlkb96pgz66hxm5jGw62MbPIrM8w+JmomG32bD6axWU/65TQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA3F7jadEJivVlSUgEtgJFNGx5mjMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvRGNYdU5wMFFtSzlXVkpTQVMyQWtVMGJIbWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQI5w
MA0GCSqGSIb3DQEBCwUAA4IBAQBLU0ff+K6oRyUQfZtyTzGpvAEHAPnzg34UCMXM
+NpcOIgjX2biyhEW7EFB7Ogzda/wUbGfgadsbSFkoMNBYhPDL7unvzTxe013hv8h
Luudjn4RmpGsiV2hEME0xnGd06eSORJtjRuPZB1Xhb6nca7iyJdVI21lIZtWooip
tgiFQZCntzUhnyRjc/CBdiXTFt3DFCOz5rJib0kS7em+w1cOxRhGlzioTmJTSHfz
VMbCOXZk6IoEhtk3ST4MTrdCkiHeGN9YcWJPVRtUP9XNyvmDBQVbyeOeljX9HI9T
j8XY1/mEQe3UuJ27afvWYZYYOhvvYSzrIvhVwyBzsajVYhbp
-----END CERTIFICATE-----